INFORMATION ON PROCESSING
AND PROTECTION OF PERSONAL DATA (GDPR)
This Document is a summary of the implementation of the obligations and measures for the protection of personal data resulting from the Regulation of the European Parliament and the EU Council 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC („GDPR”) by the owner of the CITY DONNA Online Store on the website www.citydonna.com (hereinafter referred to as the „Store”) .
THE ADMINISTRATOR OF PERSONAL DATA is:
CD FASHION ÖMER ATASEVEN, with its registered office at ul. Graniczna 67b, lok. 2, 93-428 Łódź, Poland, kept on the basis of an entry in the Central Register and Information on Economic Activity kept in the IT system by the Minister of Economy, NIP 7251994289, represented by the owner Mr Ömer Ataseven
The Administrator applies the following rules in the field of data processing and protection:
- The Administrator takes all technical and physical measures to ensure proper protection of the Customers personal data against possible loss, misuse, as well as against unauthorized access and alteration of this data. The Administrator makes every effort to ensure that the data is safe. For this purpose, appropriate security measures are used, e.g. firewalls, data encryption, physical database access controls and information access authorization controls.
- The Personal data may be processed, among others in order to: conclude and perform the Agreement, verify the User, perform any Services available on the Administrator’s website / websites, direct marketing of the Administrator’s own products or services, as well as for analytical purposes (including profiling), statistical and internal reporting, considering complaints, ensuring the security of legal and economic transactions, redress, archiving.
- The Administrator may process your personal data for direct marketing, own products or services pursuant to art. 6 sec. 1 lit. f of the General Data Protection Regulation (GDPR).
- To the extent that it is necessary due to the nature of the Administrator’s activity, the Administrator may process data, i.e. name, surname, name and company data of the Customer, address, e-mail address, telephone number, NIP, REGON, KRS and other data required under the Act on accounting, records of communication between the Customer and the Store in the form of written correspondence (e-mail, letter, fax), other written documents, audio recordings of telephone calls or other types of voice calls, information collected by „cookies”, via the website, IP address, login times, operating system and browser type, data of visits to the Store’s website, including, but not limited to: traffic data, location data.
- The Administrator may process and store personal data for a period of 10 years from the date of expiry of the obligation under the Agreement.
- For the proper provision of the Services, it may be necessary to provide some of the collected information and data to other entities associated with the Administrator (including partners / external entities / contractors) responsible for the transaction, for example (but not exclusively) in the field of accounting, deliveries, transport, etc.
- The Administrator has the right and sometimes also the obligation, to disclose data and information about the Customers / Users to the appropriate authorities. By using the Services, the Customer consent to the transmission of such information for the purposes of providing the Services. In particular, the User agrees to disclose the required information to the Police and other criminal or legal enforcement agencies, security services, authorized governmental, intergovernmental institutions, market regulators and industry regulators and other organizations.
- The Administrator has the right to disclose the required information to payment service providers, i.e. auditors, customer service providers, credit reference agencies and agencies for combating financial crime, suppliers of financial products, commercial partners, companies providing marketing and public relations services, providers of operational services, trade. The purpose of such disclosure is to enable the Administrator to provide Services to the User. Unless expressly stated otherwise, these entities, on the basis of applicable law and concluded contracts, may not use this information for purposes other than the purposes for which this information was made available to them.
- The obligation to provide your personal data results from the law and is consistent with the purposes and assumptions of the concluded Agreement. Providing personal data for the purposes of verifying the User is a condition for concluding the Agreement and for using the Administrator’s Services. Providing personal data for marketing purposes is voluntary.
- The Customer has the right to access his data and to make corrections, supplement, update, transfer, limit and delete it at any time.
- If you need more information or you want to raise any objections, complains or get help with your personal data, please contact our Data Protection Officer (DPO): [email protected]